Similar thing happened to Valve; people were trading gun skins, and regulators fined them for not having AML/KYC controls because the state argued "the business didn't do enough to stop money laundering."
This trickles out to porn companies (and the vendors that use them for identity verification), and implies that they need to store this data to prove that they didn't delete it to help terrorists.
1. There is no direct communication between R and D related to your proof of age. You will receive a message from R, send a message to D, receive a message from D, and send a message to R.
2. R gets no information other than (1) your age information, (2) what site D checked your documents, (3) the timestamps of when you exchanged messages with them.
3. The site D just gets (1) the documents you provide to prove your age, (2) a binary blob that you generate that is for all practical purposes random to anyone other than you [1], and (3) the timestamps of when you exchanged messages with them.
If someone compromises D all they get is copies of your documents (assuming D kept them) and those for all practical purposes random blobs (if they kept them), and timestamps. They don't get the identity of R, the site you were verifying your age to.
If someone compromises both R and D, they might try to match up timestamps to try to figure out who people really are. If D is busy enough and you add some delays in your message sending it should be possible to make this risk negligible.
[1] The blob is some data you receive from R, transformed by a random permutation chosen by you. To anyone who does not know the random permutation it is indistinguishable from random.
Basically, if you only want to verify age, you open the app in age verification mode. It will display your picture and a qr code but not your address and other sensitive info typically present on a drivers license. The participating* alcohol vendor then scans the qr code which only contains data like "over 21" and some sort of verification that the qr code isn't forged. I'm a bit hazy on how this last bit works but it really all pivots on how this bit is implemented. Could be good for privacy or a total nightmare.
*there are only 3 locations participating in this test phase, afaik
1. There's a provider that already has your data (it could be the government, a bank, a phone carrier etc). If more than one provider is supported, there's a list of trusted providers somewhere.
2. Whenever a website needs an age check, it asks you to authenticate with one of the trusted providers. The provider gets a challenge (a random string).
3. If you authenticate successfully, the provider uses their public key to provide a cryptographic signature of the challenge. This signed challenge is then transmitted back to the website.
In a more advanced version of this system, the website also provides a boolean expression, like `country_of_residence not in forbidden_countries && (age > 21 || (age > 18 && country_of_residence != "us"))`, and providers promise not to return successful responses for users who don't fulfill the expression criteria.
